CVE-2021-22986: How to Test for and Mitigate the F5 BIG-IP Vulnerability

, ,

Background on F5 BIG-IP

F5 BIG-IP is a widely used application delivery controller that helps organizations manage and optimize their application delivery infrastructure. It is used by many Fortune 500 companies and government agencies.

Details of CVE-2021-22986

CVE-2021-22986 is a critical vulnerability in F5 BIG-IP that affects versions 11.6.x, 12.x, 13.x, 14.x, and 15.x. The vulnerability allows an attacker to remotely execute arbitrary code on a vulnerable system.

The vulnerability is caused by an improper input validation in the F5 iControl REST API. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the API. Successful exploitation of the vulnerability could allow an attacker to gain full access to a targeted system, including stealing sensitive data and executing commands on the system.

Steps to Test for CVE-2021-22986

To test if your system is vulnerable to CVE-2021-22986, you can use the following steps:

  1. Download and install Nessus or Nmap..
  2. Scan your network for F5 BIG-IP devices.
  3. Run a vulnerability scan on the identified devices.
  4. If the scan detects CVE-2021-22986, your system is vulnerable.

Another method to test for the vulnerability is by checking if the BIG-IP Configuration Utility is accessible without authentication. You can do this by navigating to: 

https://[target_IP_address]/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd.

If you are unable to perform these tests, you can contact your F5 support team for assistance.

Mitigation for CVE-2021-22986

F5 has released patches to address CVE-2021-22986, and they recommend that all customers upgrade to the latest version of the software as soon as possible. The following versions of the software contain patches for the vulnerability:

  • BIG-IP 16.0.1.1
  • BIG-IP 15.1.2.1
  • BIG-IP 14.1.4.3
  • BIG-IP 13.1.3.7
  • BIG-IP 12.1.5.3
  • BIG-IP 11.6.5.3

In addition to upgrading the software, F5 also recommends that customers implement network segmentation to reduce the attack surface and configure the BIG-IP system to use secure authentication methods.

Conclusion

CVE-2021-22986 is a critical vulnerability in F5 BIG-IP that could allow an attacker to execute arbitrary code on a vulnerable system. To protect against this vulnerability, it’s important to upgrade to the latest version of the software and follow the recommended mitigation steps. By taking these steps, you can help protect your organization from this and other similar vulnerabilities.